librelad 898068a390 refactor(apps): make app tools + helpers fully self-contained per app
Each app now carries everything under containers/<app>/: Tools-tab actions in
tools/ (declaration <app>.tools.json + function <app>_<tool_id>.sh) and logic
helpers in scripts/ (e.g. <app>_auth.sh). The container scan live-sources every
.sh under the app (maxdepth 3, prunes only resources/) and webui_tools.sh
auto-merges the .tools.json, so an app is a true drop-in — no central edit, no
array regen.

- Empty the central webui_tools.sh heredoc; all 34 tools across 11 apps now
  come from per-app declarations (verified byte-identical to the old output).
- Retire the orphaned mattermost tool scripts to scripts/unused (there is no
  containers/mattermost; its install fn already lived in unused).
- Update the dispatch comment/error path, the auth-adapter doc, and
  DEVELOPMENT.md to the new convention.
- Regenerate static arrays (files_app.sh no longer lists app/containers/*).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-25 22:45:33 +01:00

63 lines
2.8 KiB
Bash

#!/bin/bash
_invidiousPsql() {
runFileOp docker exec -i invidious-db psql -U kemal -d invidious -At -c "$1" 2>&1
}
_invidiousBcrypt() {
if ! command -v htpasswd >/dev/null 2>&1; then
isError "htpasswd is required to bcrypt the password."; return 1
fi
htpasswd -bnBC 10 "" "$1" | tr -d ':\n'
}
authAdapter_invidious_setPassword() {
local user="$1" password="$2"
[[ -z "$user" ]] && { isError "Email/username is required."; return 1; }
[[ -z "$password" ]] && password=$(generateRandomPassword)
local hash; hash=$(_invidiousBcrypt "$password") || return 1
local esc_hash="${hash//\'/\'\'}"
local esc_user="${user//\'/\'\'}"
local out; out=$(_invidiousPsql "UPDATE users SET password = E'$esc_hash' WHERE email = E'$esc_user' RETURNING email;")
if [[ -z "$out" ]]; then isError "No Invidious user with email '$user'."; return 1; fi
if [[ "$user" == "${CFG_INVIDIOUS_ADMIN_USER:-}" ]]; then
authPersistCfg invidious ADMIN_PASSWORD "$password"
fi
isSuccessful "Invidious password set for $user — New password: $password"
}
authAdapter_invidious_createUser() {
local user="$1" password="$2" _email="$3" isAdmin="$4"
[[ -z "$user" ]] && { isError "Email is required (Invidious uses email as username)."; return 1; }
[[ -z "$password" ]] && password=$(generateRandomPassword)
local hash; hash=$(_invidiousBcrypt "$password") || return 1
local esc_hash="${hash//\'/\'\'}" esc_user="${user//\'/\'\'}"
local out; out=$(_invidiousPsql "INSERT INTO users (email, password, updated, notifications, subscriptions, preferences, token, watched, feed_needs_update) VALUES (E'$esc_user', E'$esc_hash', now(), array[]::text[], array[]::text[], '{}', '', array[]::text[], true) RETURNING email;")
if [[ -z "$out" ]]; then isError "Invidious create failed: $out"; return 1; fi
if [[ "$isAdmin" == "true" && -z "${CFG_INVIDIOUS_ADMIN_USER:-}" ]]; then
authPersistCfg invidious ADMIN_USER "$user"
authPersistCfg invidious ADMIN_PASSWORD "$password"
fi
isSuccessful "Invidious user created — Email: $user — Password: $password"
}
authAdapter_invidious_listUsers() {
_invidiousPsql "SELECT 'EZ_USER' || E'\t' || email || E'\t' || email || E'\t-' FROM users ORDER BY email;"
}
authAdapter_invidious_deleteUser() {
local user="$1"
[[ -z "$user" ]] && { isError "Email is required."; return 1; }
local esc="${user//\'/\'\'}"
local out; out=$(_invidiousPsql "DELETE FROM users WHERE email = E'$esc' RETURNING email;")
[[ -z "$out" ]] && { isError "No Invidious user '$user'."; return 1; }
isSuccessful "Invidious user '$user' deleted."
}
authAdapter_invidious_setAdmin() {
isNotice "Invidious admin status is configured in invidious.yml — not editable via the WebUI."
return 1
}